From owner-freebsd-net Tue Nov 21 12:17:04 2000
Date: Tue, 21 Nov 2000 13:15:31 -0700 (MST)
From: Nick Rogness
To: Hamilton Hoover
Cc: "freebsd-net@freebsd.org"
Subject: Re: dual homed gateway system running ipfw and nat. need rules help.
In-Reply-To: <3A1ACB68.E9CA2862@twopoint.com>

On Tue, 21 Nov 2000, Hamilton Hoover wrote:

> First, thanks so much for your help so far. The information I have
> learned is invaluable. Should you ever be in my neck of the woods beer
> and pizza are on me.

Might take you up on that ;-p

> I am so close at this point I can taste it. There are just a few bugs
> left that I am having trouble with. At this point I am still not passing
> mail from the firewall but I can see in various logs what is stopping
> it. I am not sure how to circumvent this.

What do the logs say?

> my natd.conf reads as follows:
>
> dynamic no
> use_sockets yes
> same_ports yes
> redirect_port tcp 192.x.x.x:25 209.x.x.x:25

What do your firewall and natd files look like (complete)?

> where 192.x.x.x is the address of the mail server on the private net and
> 209.x.x.x is the address of the public interface of the firewall.
>
> my firewall script has these rules for passing mail. I'm unsure if I
> even need this with the redirect rule in natd.conf but I put it here
> anyway. I have tried commenting it and the results were the same.
>
> ${fwcmd} add pass tcp from any 25 to 192.x.x.x 25

If you are going to use this rule, make sure it occurs after the divert
statement in the ipfw ruleset. You shouldn't have to use it though.

> I have also tried
>
> ${fwcmd} add pass tcp from any 25 to 192.x.x.x 25 via ${iip}
>
> Scanning open ports on the public side of the firewall I noticed that
> only ssh 22 is open. I need to have port 25 open in order for this to
> work right? In rc.conf I have

No. The port is taken care of by natd.

> sendmail_enable "NO"
>
> changing this to
>
> sendmail_enable "yes"

Leave sendmail off.

> produces sendmail relaying denied errors. I'm pretty sure that I don't
> really need sendmail running just to pass it through the firewall but I
> don't seem to be able to open port 25 without it. Additionally I would
> like the security email sent to myself and that only seems to work if
> sendmail is running.

Use an alias to forward it to your linux machine.

I need more specific info like IP addresses and configs. You can email
off this list and I'll work with ya on it.

Nick Rogness
- Drive defensively. Buy a tank.
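As an added example (not from either poster, and not FreeBSD project code), the following dry-run shell script emits the natd.conf and ipfw ruleset for the setup Nick describes: natd's redirect_port does the port forwarding so nothing on the gateway has to listen on 25, the divert rule comes before any pass rule that names the internal (post-translation) address, and the gateway's own security mail is forwarded with an aliases entry. The interface name (fxp0), the addresses (203.0.113.2, 192.168.1.25) and the alias destination are placeholders I chose, not the original poster's. Unlike the poster's rule, the pass rule does not pin the source port to 25, since SMTP clients connect from ephemeral ports. fwcmd defaults to echo so nothing is applied; set fwcmd=/sbin/ipfw on a real FreeBSD gateway to load the rules.

```shell
#!/bin/sh
# Added example, not from the thread: emit a natd.conf and an ipfw ruleset for a
# dual-homed gateway that forwards inbound SMTP to an internal mail host.
# Interface names and addresses are placeholders (assumptions), not the
# original poster's.  fwcmd defaults to "echo ipfw" so the ruleset is only
# printed; set fwcmd=/sbin/ipfw to apply it for real.

oif="${oif:-fxp0}"                    # public interface (assumed)
iif="${iif:-fxp1}"                    # private interface (assumed)
pubip="${pubip:-203.0.113.2}"         # gateway's public address (documentation range)
mailhost="${mailhost:-192.168.1.25}"  # internal mail server (private range)
fwcmd="${fwcmd:-echo ipfw}"

# natd.conf: map TCP/25 on the public address to TCP/25 on the internal host.
# natd performs the forwarding; no daemon needs to listen on 25 on the gateway.
natd_conf() {
    cat <<EOF
dynamic no
use_sockets yes
same_ports yes
redirect_port tcp ${mailhost}:25 ${pubip}:25
EOF
}

# ipfw ruleset for the SMTP path.  Explicit rule numbers make the ordering
# visible: the divert rule (100) must precede the pass rule for the mail host
# (300), because natd rewrites the destination to ${mailhost} before rule 300
# ever sees the packet.  Replies leave via ${oif}, hit the divert rule again
# (source rewritten back to ${pubip}) and are passed by rule 200.
# UDP traffic such as DNS replies would need rules of its own; omitted here.
ipfw_rules() {
    ${fwcmd} -f flush
    ${fwcmd} add 100 divert natd ip from any to any via ${oif}
    ${fwcmd} add 200 pass tcp from any to any established
    # no source-port restriction: SMTP clients use ephemeral ports
    ${fwcmd} add 300 pass tcp from any to ${mailhost} 25 in via ${oif} setup
    ${fwcmd} add 400 pass ip from any to any out via ${oif}
    ${fwcmd} add 500 pass ip from any to any via ${iif}
    ${fwcmd} add 65000 deny log ip from any to any
}

# /etc/mail/aliases entry that forwards the gateway's root mail (the daily
# security report) to another host; run newaliases after adding it.  The
# destination address is a placeholder.
aliases_entry() {
    printf 'root: %s\n' "${alias_to:-admin@linuxbox.example.net}"
}

# Rule number of the first emitted rule matching a pattern, for checking the
# ordering of the dry-run output (only meaningful while fwcmd is echo).
rule_number() {
    ipfw_rules | awk -v pat="$1" '$0 ~ pat { print $3; exit }'
}

natd_conf
echo
ipfw_rules
echo
aliases_entry
```

Running it without arguments prints the three fragments; rule_number lets you confirm from the printed ruleset that the divert rule's number is lower than the SMTP pass rule's before loading anything.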